How To Search LDAP using ldapsearch (With Examples)

If you are working on a Linux OpenLDAP server, the LDAP protocol is very useful for centralizing authentication.

However, as your LDAP directory grows, you might get lost in all the entries that you may have to manage.

Luckily, there is a command that will help you search for entries in an LDAP directory tree: ldapsearch.

 

# Verify that this account exists (AD)
ldapsearch -x -H "ldap://LDAPSERVER" -b "OU=OU,DC=DOMAIN,DC=LOCAL" -D "CN=BINDUSER,CN=Users,DC=DOMAIN,DC=LOCAL" -w "BINDPASSWORD" "(&(objectclass=user)(sAMAccountName=username))"


# Verify that this account exists (LDAP)
ldapsearch -x -H "ldap://LDAPSERVER" -b "OU=OU,DC=DOMAIN,DC=LOCAL" -D "uid=BINDUSER,CN=Users,DC=DOMAIN,DC=LOCAL" -w "BINDPASSWORD" "(&(objectClass=person)(uid=username))"


# Verify that this account exists (Zimbra)
# -H with an ldap:// URI replaces the deprecated -h host option
ldapsearch -x -H "ldap://LDAPSERVER:389" -b "ou=people,DC=DOMAIN,DC=LOCAL" -D "uid=zimbra,cn=admins,cn=zimbra" -w "BINDPASSWORD" "(&(objectClass=zimbraAccount)(uid=username))"


# Search for a user by the full (userPrincipalName) format and return the account name (AD)
# username@DOMAIN.LOCAL is a placeholder for the user's UPN
ldapsearch -x -H "ldap://LDAPSERVER" -b "OU=OU,DC=DOMAIN,DC=LOCAL" -D "uid=BINDUSER,CN=Users,DC=DOMAIN,DC=LOCAL" -w "BINDPASSWORD" -s sub "(userPrincipalName=username@DOMAIN.LOCAL)" | grep "sAMAccountName"


# Search for a user by the full (userPrincipalName) format and return the alias (AD)
# username@DOMAIN.LOCAL is a placeholder for the user's UPN
ldapsearch -x -H "ldap://LDAPSERVER" -b "OU=OU,DC=DOMAIN,DC=LOCAL" -D "uid=BINDUSER,CN=Users,DC=DOMAIN,DC=LOCAL" -w "BINDPASSWORD" -s sub "(userPrincipalName=username@DOMAIN.LOCAL)" | awk -F ": " '$1 == "mailNickname" {print $2}'


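# Search for accounts whose specified attribute contains the given text (LDAP); 字串 is a placeholder for that text
# -s sub searches the entries under the base DN; -s base would test only the CN=Users entry itself
ldapsearch -x -H "ldap://LDAPSERVER" -b "CN=Users,DC=DOMAIN,DC=LOCAL" -D "uid=BINDUSER,CN=Users,DC=DOMAIN,DC=LOCAL" -w "BINDPASSWORD" -s sub "(&(objectClass=user)(description=*字串*))"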

 

---

Examples:

./ldapsearch -x -b "cn=groups,dc=amiam,dc=com" -H ldap://ldap-2 -D "cn=config" -w mypassword

ldapsearch -x -H ldap://ldap-2 -b "ou=people,dc=amiam,dc=com" -D "uid=zimbra,cn=admins,cn=zimbra" -w "mypassword" "(&(objectClass=zimbraAccount)(uid=jack))"

ldapsearch -x -H ldap://ldap-2 -b "ou=people,dc=amiam,dc=com" -D "uid=zimbra,cn=admins,cn=zimbra" -w "mypassword" "(&(objectClass=zimbraAccount)(uid=*))"
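
A hardened form of the AD account-existence check above, added here as an example and not taken from the original page or its reference. It reads the bind password from a file with -y instead of exposing it on the command line with -w, requires StartTLS with -ZZ so the simple bind is not sent in cleartext, and escapes the username per RFC 4515 before placing it in the filter. The variable names, function names and the PW_FILE path are assumptions.

```shell
#!/bin/sh
# Added example (not from the original page). All names and values below are
# assumed placeholders; adjust them to your directory.
LDAP_URI="${LDAP_URI:-ldap://LDAPSERVER}"
BASE_DN="${BASE_DN:-OU=OU,DC=DOMAIN,DC=LOCAL}"
BIND_DN="${BIND_DN:-CN=BINDUSER,CN=Users,DC=DOMAIN,DC=LOCAL}"
PW_FILE="${PW_FILE:-/etc/ldap/bind.pw}"   # hypothetical path; mode 0600, no trailing newline

# Escape a value for use inside a search filter (RFC 4515).
# The backslash is handled first so the escapes added afterwards are not re-escaped.
ldap_escape_filter() {
    printf '%s' "$1" | sed -e 's/\\/\\5c/g' -e 's/\*/\\2a/g' \
                           -e 's/(/\\28/g' -e 's/)/\\29/g'
}

# Build the same filter as the AD check above, with the username escaped so it
# is always matched literally and cannot add clauses or wildcards.
user_filter() {
    printf '(&(objectClass=user)(sAMAccountName=%s))' "$(ldap_escape_filter "$1")"
}

# Count entries in LDIF read from stdin ("dn:" and base64 "dn::" lines).
count_entries() {
    grep -c '^dn:' || true
}

# Succeeds only when exactly one entry matches.
#   -ZZ   require StartTLS before the bind
#   -y    read the bind password from a file, not from argv
#   -LLL  plain LDIF without comments, easy to parse
#   1.1   request no attributes; only the DN is needed for an existence check
account_exists() {
    n=$(ldapsearch -x -ZZ -LLL -H "$LDAP_URI" -b "$BASE_DN" -D "$BIND_DN" \
          -y "$PW_FILE" -s sub "$(user_filter "$1")" 1.1 | count_entries)
    [ "$n" -eq 1 ]
}

# Run the check only when a username is given as the first argument.
if [ $# -ge 1 ]; then
    if account_exists "$1"; then
        echo "found"
    else
        echo "not found or ambiguous"
    fi
fi
```
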

 

Reference: http://blog.jason.tools/2022/02/ldapsearch-cli.html
